Internet Security Threat Report

Symantec.com > Business > Internet Security Threat Report

Symantec Security Response conducts in-depth research and analysis of current Internet threat trends. Our detailed reports are designed to help your organization implement effective security measures to better protect and manage your information.

Symantec Report on the Underground Economy

The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.

This report, released November 24, 2008 is now available.

Symantec Report on the Underground Economy: November, 2008
Executive Summary: Symantec Report on the Underground Economy: November, 2008

Podcasts: November, 2008

Key Findings (November 24)
Learn more
Symantec Report on the Underground Economy – Good and Services (December 1)
Symantec Report on the Underground Economy- Servers and Channels (December 8)

Symantec Weblog: Postings on the Underground Economy
Learn more

Report Highlights

The underground economy has matured into a global market with the same supply and demand pressures and responses of any other economy. There are a great many servers and channels available to advertisers to market their wares, which they do, and often. Most people associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments, or even stealing house titles. Symantec estimates the value of total advertised goods on underground economy servers was over $276 million between July 1, 2007 and June 30, 2008.

During the reporting period, Symantec monitored 44,752 unique samples of sensitive information publicly posted on underground economy servers, which accounted for 10 percent of the total distinct messages. Sellers often publicly post samples of their goods in the channels on underground economy servers. These samples serve several purposes: to prove that sellers actually have the goods in their possession; to show potential buyers the quality of goods they can expect; to enhance their credibility, and; to allow users to validate the information. The following table identities the top samples of information posted:

Internet Security Threat Report

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The thirteenth version of the report, released April 8, 2008, is available.

Internet Security Threat Report Volume XIII: April, 2008

Executive Summary: April, 2008

Volume XIII Highlights

Attackers have adopted stealth tactics that prey on end users on individual computers via the World Wide Web, rather than attempting high-volume broadcast attacks to penetrate networks. This may be because enterprise network attacks are now more likely to be discovered and shut down, whereas specifically targeted malicious activity on end-user computers and/or web-sites is less likely to be detected. Site-specific vulnerabilities are perhaps the most telling indication of this trend.

Site-specific vulnerabilities affect custom or proprietary web-site code. These vulnerabilities are a concern because they allow attackers to compromise specific web-sites, which can then be used to launch subsequent attacks. Social networking sites are a favorite target, as a successful compromise gives attackers access to a large number of people who are likely to trust the site. These sites often expose confidential user information that can then be used in attempts to conduct identity theft or online fraud.

Table 1. Site-specific Vulnerabilities

Source: Symantec Corporation during the last six months of 2007, 11,253 site-specific cross-site scripting vulnerabilities were documented, compared to 6,961 between February and June in the first half of the year.

Featured Media

Webcast: Internet Security Threat Report Volume XIII

Regional & Industry Reports

The following reports provide in-depth analysis on regional and government sector threat activity:

EMEA Internet Security Threat Report : April, 2008
APJ Internet Security Threat Report : April, 2008
Government Internet Security Threat Report : April, 2008

Podcasts

Podcast on the Symantec Report on the Underground Economy:

ISTR XIII - Key Findings
An overview of the threats and trends covered in Symantec's latest Internet Security Threat Report and offers strategies for mitigation. Listen now

ISTR XIII - Maturation of Underground Economy Servers
Symantec's discussion on underground economy servers - black market forums used by criminal organizations to advertise and trade stolen information and services. Listen now

ISTR XIII - Phishing Trends
Symantec assesses phishing according to two indicators: phishing attempts and phishing messages. A phishing attempt can be defined as an instance of a phishing message being sent to a single user. This podcast will cover phishing metrics, providing analysis and discussion of the data gathered by Symantec between July 1 and December 31, 2007. Listen now

Internet Security Threat Report Blog

Read what Symantec’s Security Response experts are writing about the latest issue of the Internet Security Threat Report

Resources

Symantec RSA 2008 Keynote

Security Leadership (ESG Analyst Report)

Symantec Report on the Underground Economy

Report Highlights

Internet Security Threat Report

Volume XIII Highlights

Table 1. Site-specific Vulnerabilities

Featured Media

Regional & Industry Reports

Podcasts

Internet Security Threat Report Blog

Archive